CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2025-67970 - Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exp
CVE-2025-67969 - Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-co
CVE-2025-67624 - Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images a
CVE-2025-67547 - Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configure
CVE-2025-67438 - A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authentic
CVE-2025-60183 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-60087 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-53237 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-53233 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-53231 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-53228 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-53217 - Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploit
CVE-2025-52744 - Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion F
CVE-2025-52603 - HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenari
CVE-2024-56208 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2024-54222 - Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-acc
CVE-2024-52387 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2024-51915 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2024-50555 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2024-50452 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2024-43228 - Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPre
CVE-2024-34438 - Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Sh
CVE-2026-21627 - The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests throu
CVE-2025-14547 - An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE M
CVE-2025-14055 - An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer ov
CVE-2026-2486 - The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
CVE-2025-10970 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-21620 - Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erla
CVE-2026-26050 - The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue wit
CVE-2026-26370 - WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerabil
CVE-2025-59819 - This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath p
CVE-2026-2825 - A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fi
CVE-2026-2824 - A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cg
CVE-2026-2823 - A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41AC
CVE-2026-2822 - A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unkn
CVE-2026-2739 - This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupt
CVE-2026-27325 - Rejected reason: Not used
CVE-2026-27324 - Rejected reason: Not used
CVE-2026-27323 - Rejected reason: Not used
CVE-2026-27322 - Rejected reason: Not used
CVE-2026-27321 - Rejected reason: Not used
CVE-2026-27320 - Rejected reason: Not used
CVE-2026-27319 - Rejected reason: Not used
CVE-2026-27318 - Rejected reason: Not used
CVE-2026-27317 - Rejected reason: Not used
CVE-2026-2821 - A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impa
CVE-2026-2384 - The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `v
CVE-2026-27017 - uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while s
CVE-2026-26996 - minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objec
CVE-2026-26995 - Rejected reason: Further research determined the issue is an external dependency vulnerability.
CVE-2026-26994 - uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while s
CVE-2026-26993 - Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools.
CVE-2026-26992 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and
CVE-2026-26991 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and
CVE-2026-2820 - A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5.
CVE-2026-2819 - A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the
CVE-2026-27016 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 throu
CVE-2026-26990 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and b
CVE-2026-26989 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and b
CVE-2026-26988 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and b
CVE-2026-26987 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and b
CVE-2026-26980 - Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated a
CVE-2026-26977 - Frappe Learning Management System (LMS) is a learning system that helps users structure their conten
CVE-2026-26960 - node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below,
CVE-2026-26065 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.
CVE-2026-26064 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.
CVE-2026-26975 - Music Assistant is an open-source media library manager that integrates streaming services with conn
CVE-2026-26974 - Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.j
CVE-2026-26967 - PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and
CVE-2025-30416 - Sensitive data disclosure and manipulation due to missing authorization. The following products are
CVE-2025-30412 - Sensitive data disclosure and manipulation due to improper authentication. The following products ar
CVE-2025-30411 - Sensitive data disclosure and manipulation due to improper authentication. The following products ar
CVE-2025-30410 - Sensitive data disclosure and manipulation due to missing authentication. The following products are
CVE-2026-2605 - Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
CVE-2026-2435 - Tanium addressed a SQL injection vulnerability in Asset.
CVE-2026-2408 - Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
CVE-2026-2350 - Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and T
CVE-2026-27009 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a stored XSS issue in the OpenClaw
CVE-2026-27008 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in `download` skill installat
CVE-2026-27007 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/s
CVE-2026-27004 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, O
CVE-2026-27003 - OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack trac
CVE-2026-27002 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in
CVE-2026-27001 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current worki
CVE-2026-26972 - OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser downl
CVE-2026-26964 - Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows an
CVE-2026-26963 - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions
CVE-2026-26959 - ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the in
CVE-2026-26957 - Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.202602152110
CVE-2026-26329 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read ar
CVE-2026-26328 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowli
CVE-2026-1292 - Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
CVE-2026-26958 - filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for b
CVE-2026-26953 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra
CVE-2026-26952 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra
CVE-2026-26327 - OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records
CVE-2026-26326 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, `skills.status` could disclose secr
CVE-2026-26325 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between `rawCommand` and
CVE-2026-26324 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be
CVE-2026-26323 - OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in
CVE-2026-26322 - OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted
CVE-2026-26321 - OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previ
CVE-2026-26320 - OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the `openclaw://` URL s
CVE-2026-26319 - OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice
CVE-2026-24122 - Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and bel
CVE-2026-21535 - Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information o
CVE-2026-1658 - User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory S
CVE-2025-9208 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-8055 - Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forg
CVE-2025-8054 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Open
CVE-2025-13672 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-13671 - Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross
CVE-2026-26744 - A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functi
CVE-2026-26317 - OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes ac
CVE-2026-26316 - OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel p
CVE-2026-26315 - go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to ver
CVE-2026-26314 - go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to ver
CVE-2026-26275 - httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-
CVE-2026-2738 - Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by send
CVE-2026-27476 - RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that acc
CVE-2026-27440 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-27387 - Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting
CVE-2026-27368 - Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance M
CVE-2026-27360 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-27343 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-27328 - Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Con
CVE-2026-27327 - Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Con
CVE-2026-27114 - NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630
CVE-2026-27014 - NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630.
CVE-2026-26313 - go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to ver
CVE-2026-26312 - Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Ma
CVE-2026-26286 - SillyTavern is a locally installed user interface that allows users to interact with text generation
CVE-2026-26282 - NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630.
CVE-2025-67305 - In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the p
CVE-2026-27013 - Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies `escapeXml
CVE-2026-26318 - systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are v
CVE-2026-26280 - systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a
CVE-2026-26278 - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object wi
CVE-2026-26267 - soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the
CVE-2026-26205 - opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 ha
CVE-2026-26203 - PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a crit
CVE-2026-26202 - Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an
CVE-2026-26201 - emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple sh
CVE-2026-26200 - HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` f
CVE-2026-26193 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-26192 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-26189 - Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A com
CVE-2026-26063 - CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version
CVE-2025-67304 - In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for th
CVE-2026-27475 - SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter
CVE-2026-27474 - SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete
CVE-2026-27473 - SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area.
CVE-2026-27472 - SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the privat
CVE-2026-26059 - ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible fo
CVE-2026-26057 - Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltra
CVE-2026-23621 - GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vu
CVE-2026-2817 - Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, p
CVE-2026-2409 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-2243 - A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnera
CVE-2026-26339 - Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execu
CVE-2026-26338 - Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side reque
CVE-2026-26337 - Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary fi
CVE-2026-23620 - GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnera
CVE-2026-23619 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23618 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23617 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23616 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23615 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23614 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23613 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23612 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23611 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23610 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23609 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23608 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23607 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23606 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23605 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-23604 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
CVE-2026-2232 - The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-b
CVE-2026-26336 - Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories
CVE-2026-26030 - Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability i
CVE-2026-26016 - Wings is the server control plane for Pterodactyl, a free, open-source game server management panel.
CVE-2026-25998 - strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing cred
CVE-2026-24834 - Kata Containers is an open source project focusing on a standard implementation of lightweight Virtu
CVE-2026-1581 - The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' para
CVE-2025-69725 - An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote atta
CVE-2025-69674 - Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an at
CVE-2026-2274 - A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23
CVE-2026-26345 - SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area trig
CVE-2026-26223 - SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. T
CVE-2026-25940 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and me
CVE-2026-25766 - Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s `middleware.Static` u
CVE-2026-25739 - Indico is an event management system that uses Flask-Multipass, a multi-backend authentication syste
CVE-2026-25738 - Indico is an event management system that uses Flask-Multipass, a multi-backend authentication syste
CVE-2025-71250 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71249 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71248 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71247 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71246 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71245 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71244 - SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An at
CVE-2025-71243 - The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a cri
CVE-2025-71242 - SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. Th
CVE-2025-71241 - SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The con
CVE-2025-71240 - SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The appl
CVE-2026-25755 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of t
CVE-2026-25535 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argumen
CVE-2026-25527 - changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2
CVE-2025-55853 - SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF convert
CVE-2026-2744 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2019-25430 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unaut
CVE-2019-25429 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25428 - Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the o
CVE-2019-25427 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25426 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25425 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25424 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25423 - Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /
CVE-2019-25422 - Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inj
CVE-2019-25421 - Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attacke
CVE-2019-25420 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25419 - Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attacker
CVE-2019-25418 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25417 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25416 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25415 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25414 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unaut
CVE-2019-25413 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unaut
CVE-2019-25412 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25411 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25410 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25409 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25408 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25407 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25406 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac
CVE-2019-25405 - Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attacker
CVE-2019-25404 - Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenti
CVE-2019-25403 - Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenti
CVE-2019-25402 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unaut
CVE-2025-9953 - Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Trai
CVE-2025-8350 - Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove
CVE-2025-9062 - Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering
CVE-2025-15563 - Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific
CVE-2025-15562 - The server API endpoint /report/internet/urls reflects received data into the HTML response without
CVE-2025-15561 - An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges
CVE-2025-15560 - An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime serve
CVE-2025-15559 - An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft
CVE-2026-2718 - The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via G
CVE-2026-2716 - The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via